Skill
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows this command, remote code can run locally and change their OpenClaw workspace and cron configuration.
The documented manual install path runs a mutable script from the master branch directly through bash, so the executed code could differ from the reviewed artifact.
curl -fsSL https://raw.githubusercontent.com/useens/moltcare-open/master/skill/scripts/install.sh | bash
Prefer the reviewed ClawHub package or a pinned commit; inspect the script before running it and avoid piping remote scripts directly to bash.
Existing agent rules, user profile data, or long-term memories could be overwritten, changing future agent behavior or causing local configuration/data loss.
The installer unconditionally copies core templates into the root OpenClaw workspace, where they are used as persistent agent instructions and memory, without checking for existing files or making backups.
cp "${ASSETS_DIR}/AGENTS.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/SOUL.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/USER.md" "${WORKSPACE}/"
cp "${ASSETS_DIR}/MEMORY.md" "${WORKSPACE}/"
Back up existing workspace files, review diffs before overwriting, and update the installer to prompt, create backups, or use non-destructive copy behavior.
A scheduled task will persist after installation and write a trigger file every week, which may unexpectedly influence future agent sessions.
The installer describes the cron setup as optional but adds the recurring crontab entry automatically without asking the user.
echo "⏰ Configuring weekly token audit (optional)..."
if ! crontab -l 2>/dev/null | grep -q "检查token优化"; then
(crontab -l 2>/dev/null; echo "0 3 * * 1 cd ${WORKSPACE} && echo '检查token优化' >> ${WORKSPACE}/.audit-trigger 2>&1") | crontab -
Make cron setup explicitly opt-in, show the exact cron entry before installation, and provide a clear uninstall command.
The agent may become more proactive and persistent than expected, including using tools before asking clarifying questions.
The installed prompt changes the agent's stopping behavior and encourages tool use before asking the user, although other parts of the same file include safety boundaries for irreversible and sensitive actions.
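Until every option has been exhausted, saying "cannot be solved" is forbidden ... investigate with tools first, then ask the user to confirm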
Review and edit SOUL.md/AGENTS.md so the agent's autonomy level matches your comfort level, especially for file changes, external actions, and long-running troubleshooting.
User preferences, constraints, and task details may persist across sessions and influence later agent behavior.
The framework intentionally creates persistent memory records from task evaluations and may update long-term memory automatically.
≥2 items | write to memory/YYYY-MM-DD.md
≥3 items | also update MEMORY.md
Periodically review the memory files, avoid storing sensitive information, and require confirmation before saving private or high-impact memories.
